Total
318393 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-53055 | 1 Linux | 1 Linux Kernel | 2025-11-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: fscrypt: destroy keyring after security_sb_delete() fscrypt_destroy_keyring() must be called after all potentially-encrypted inodes were evicted; otherwise it cannot safely destroy the keyring. Since inodes that are in-use by the Landlock LSM don't get evicted until security_sb_delete(), this means that fscrypt_destroy_keyring() must be called *after* security_sb_delete(). This fixes a WARN_ON followed by a NULL dereference, only possible if Landlock was being used on encrypted files. | ||||
| CVE-2025-37143 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2025-11-12 | 4.9 Medium |
| An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits. | ||||
| CVE-2025-52602 | 1 Hcltech | 1 Bigfix Query | 2025-11-12 | 4.2 Medium |
| HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. An HTTP GET endpoint request returns discoverable responses that may disclose: group names, active user names (or IDs). An attacker can use that information to target individuals with phishing or other social-engineering attacks. | ||||
| CVE-2025-37144 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2025-11-12 | 4.9 Medium |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | ||||
| CVE-2025-37145 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2025-11-12 | 4.9 Medium |
| Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | ||||
| CVE-2025-61417 | 1 Tastyigniter | 1 Tastyigniter | 2025-11-12 | 8.8 High |
| Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials. | ||||
| CVE-2025-54806 | 2 Growi, Weseek | 2 Growi, Growi | 2025-11-12 | 6.1 Medium |
| GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser. | ||||
| CVE-2025-61956 | 1 Radiometrics | 1 Vizair | 2025-11-12 | 10 Critical |
| Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning. | ||||
| CVE-2025-54496 | 1 Fujielectric | 1 Monitouch V-sft | 2025-11-12 | 7.8 High |
| A maliciously crafted project file may cause a heap-based buffer overflow in Fuji Electric Monitouch V-SFT-6, which may allow the attacker to execute arbitrary code. | ||||
| CVE-2025-54526 | 1 Fujielectric | 1 Monitouch V-sft | 2025-11-12 | 7.8 High |
| Fuji Electric Monitouch V-SFT-6 is vulnerable to a stack-based buffer overflow while processing a specially crafted project file, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-63784 | 1 Onlook | 1 Onlook | 2025-11-12 | 6.5 Medium |
| An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web/client/src/app/auth/callback/route.ts in Onlook web application 0.2.32. The vulnerability occurs because the application trusts the X-Forwarded-Host header value without proper validation when constructing a redirect URL. A remote attacker can send a manipulated X-Forwarded-Host header to redirect an authenticated user to an arbitrary external website under their control, which can be exploited for phishing attacks. | ||||
| CVE-2025-63783 | 1 Onlook | 1 Onlook | 2025-11-12 | 7.6 High |
| A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for the requested project ID. An authenticated attacker can send a malicious request containing another user's project ID to unlawfully modify, delete, or manipulate tags on that project, which can severely compromise data integrity and availability. | ||||
| CVE-2025-63687 | 1 Rymcu | 1 Forest | 2025-11-12 | 6.5 Medium |
| An issue was discovered in rymcu forest thru commit f782e85 (2025-09-04) in function doBefore in file src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java, allowing authorized attackers to delete arbitrary users posts. | ||||
| CVE-2025-63686 | 1 Guominjim | 1 Personmanage | 2025-11-12 | 6.5 Medium |
| There is an arbitrary file download vulnerability in GuoMinJim PersonManage thru commit 5a02b1ab208feacf3a34fc123c9381162afbaa95 (2020-11-23) in the document query function under the Download Center menu in the PersonManage system. | ||||
| CVE-2025-57698 | 1 Astrbot | 1 Astrbot | 2025-11-12 | 7.5 High |
| AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function `file.save`, so that the file in the request body can be saved to any location in the file system through directory traversal. | ||||
| CVE-2025-27919 | 1 Anydesk | 1 Anydesk | 2025-11-12 | 8.2 High |
| An issue was discovered in AnyDesk through 9.0.4. A remotely connected user with the "Control my device" permission can manipulate remote AnyDesk settings and create a password for the Full Access profile without needing confirmation from the counterparty. Consequently, the attacker can later connect without this counterparty confirmation. | ||||
| CVE-2025-27918 | 1 Anydesk | 1 Anydesk | 2025-11-12 | 9.8 Critical |
| An issue was discovered in AnyDesk before 9.0.0. It has an integer overflow and resultant heap-based buffer overflow via a UDP packet during processing of an Identity user image within the Discovery feature, or when establishing a connection between any two clients. | ||||
| CVE-2025-12867 | 1 Hundredplus | 1 Eip Plus | 2025-11-12 | 7.2 High |
| EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2025-12866 | 1 Hundredplus | 1 Eip Plus | 2025-11-12 | 9.8 Critical |
| EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password. | ||||
| CVE-2025-12727 | 1 Google | 1 Chrome | 2025-11-12 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||